Re: [rt-users] Can't login to RT using Active Directory
I added the domain to the username in RT's configuration, restarted apache and now it works. Don't know if it's because it's needed or just because i restarted apache, though i did that earlier and didn't work. I don't think anything changed in AD for it to require the full username, maybe a windows update changed that, i don't know. Thanks -- View this message in context: http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539p62542.html Sent from the Request Tracker - User mailing list archive at Nabble.com. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
Re: [rt-users] Can't login to RT using Active Directory
It works, with the caveat that i have to put the full username (u...@mycompany.com) for it to work. I tried to use the same tactic in RT but still same error. MYUSER in RT's configuration is without the domain name. Should i edit and try? I have never needed to do that before -- View this message in context: http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539p62541.html Sent from the Request Tracker - User mailing list archive at Nabble.com. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
Re: [rt-users] Can't login to RT using Active Directory
Hi, > I'm 100% sure i am using the correct password, i even tried other test > accounts i have and know they can authenticate against AD just fine. try ldapsearch to connect to your AD like ldapsearch -x -H ldap://192.168.100.5:389 -D MYUSER -w MYPASS -b "dc=yourdomain,dc=com" "cn=Administrator" Best regards Daniel > -Original Message- > From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of > fleon > Sent: Wednesday, September 14, 2016 4:25 PM > To: rt-users@lists.bestpractical.com > Subject: [rt-users] Can't login to RT using Active Directory > > I have been able to use Active Directory as authentication with the > ExternalAuth plugin, both before and after it was integrated in RT 4.4. > > But today it isn't allowing anyone in, and this is shown in the error logs: > > [8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from > 192.168.3.57 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) > [8629] [Wed Sep 14 15:29:31 2016] [critical]: > RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: > LDAP_INVALID_CREDENTIALS 49 > (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678) > > I'm 100% sure i am using the correct password, i even tried other test > accounts i have and know they can authenticate against AD just fine. > > I am also sure nothing has changed on AD itself or in RT's configuration, > however this is my current ExternalAuth configuration: > Set($ExternalAuth, 1); > Set($ExternalAuthPriority, [ 'My_LDAP']); > Set($ExternalInfoPriority, [ 'My_LDAP']); > Set($ExternalServiceUsesSSLorTLS,0); > Set($AutoCreateNonExternalUsers,1); > Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 }); > > Set($ExternalSettings, > { > 'My_LDAP' => { > 'type' => 'ldap', > 'server'=> '192.168.100.5', > 'user' => 'MYUSER', > 'pass'=> 'MYPASS', > 'base' => 'dc=mycompany,dc=com', > 'filter'=> '(objectClass=person)', > 'd_filter' => '(objectClass=FooBarBaz)', > 'tls' => 0, > 'ssl_version' => 3, > 'net_ldap_args' => [version => 3 ], > 'attr_match_list' => ['Name', > 'EmailAddress' > ], > 'attr_map' => { 'Name' => 'sAMAccountName', > 'EmailAddress' => 'mail', > 'Organization' => 'physicalDeliveryOfficeName', > 'RealName' => 'displayName', > 'Gecos' => 'sAMAccountName', > 'WorkPhone' => 'telephoneNumber', > 'Address1' => 'description', > 'City' => 'l', > 'State' => 'st', >'Zip' => 'postalCode', >'Country' => 'co' >} >} > } > ); > > I am using debian 8 jessie with RT 4.4.1. Thanks > > > > > > > > > -- > View this message in context: > http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active- > Directory-tp62539.html > Sent from the Request Tracker - User mailing list archive at Nabble.com. > - > RT 4.4 and RTIR training sessions, and a new workshop day! > https://bestpractical.com/training > * Boston - October 24-26 > * Los Angeles - Q1 2017 smime.p7s Description: S/MIME cryptographic signature - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
[rt-users] Can't login to RT using Active Directory
I have been able to use Active Directory as authentication with the ExternalAuth plugin, both before and after it was integrated in RT 4.4. But today it isn't allowing anyone in, and this is shown in the error logs: [8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from 192.168.3.57 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) [8629] [Wed Sep 14 15:29:31 2016] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678) I'm 100% sure i am using the correct password, i even tried other test accounts i have and know they can authenticate against AD just fine. I am also sure nothing has changed on AD itself or in RT's configuration, however this is my current ExternalAuth configuration: Set($ExternalAuth, 1); Set($ExternalAuthPriority, [ 'My_LDAP']); Set($ExternalInfoPriority, [ 'My_LDAP']); Set($ExternalServiceUsesSSLorTLS,0); Set($AutoCreateNonExternalUsers,1); Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 }); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server'=> '192.168.100.5', 'user' => 'MYUSER', 'pass'=> 'MYPASS', 'base' => 'dc=mycompany,dc=com', 'filter'=> '(objectClass=person)', 'd_filter' => '(objectClass=FooBarBaz)', 'tls' => 0, 'ssl_version' => 3, 'net_ldap_args' => [version => 3 ], 'attr_match_list' => ['Name', 'EmailAddress' ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'Organization' => 'physicalDeliveryOfficeName', 'RealName' => 'displayName', 'Gecos' => 'sAMAccountName', 'WorkPhone' => 'telephoneNumber', 'Address1' => 'description', 'City' => 'l', 'State' => 'st', 'Zip' => 'postalCode', 'Country' => 'co' } } } ); I am using debian 8 jessie with RT 4.4.1. Thanks -- View this message in context: http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539.html Sent from the Request Tracker - User mailing list archive at Nabble.com. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017